james mckay dot net

because there are few things that are less logical than business logic
07 Feb

The case of the disappearing feeds

Now when you announce on your blog that you are starting work in an establishment such as Parliament, you naturally brace yourself for at least a modest increase in web traffic. After all, when your place of employment features prominently on the front page of almost every newspaper in the country several times a week, people do tend to take an interest, even if you are a serious INTJ blogger writing a serious INTJ blog about technology that is not work related. You certainly don’t expect your Feedburner subscriptions to drop overnight from 50 to fifteen.

However, that was what happened to me, and it had me scratching my head a bit. What kind of people would hit the “unsubscribe” button on reading that kind of news? I know that certain individuals in Westminster get a bit of a bad press from time to time, but surely there isn’t some kind of deep-seated prejudice out there that extends to those of us whose role is to spend the entire day looking at computer screens doing fancy things with XML?

It turns out that the cause was actually somewhat more mundane. The day after I posted that particular entry, I moved my blog off my shared hosting account onto a new virtual server, and while it mostly went smoothly, I inadvertently missed out the Feedburner plugin that had been redirecting my feeds. So anyone who had subscribed to the WordPress default http://jamesmckay.net/feed/ rather than the Feedburner version at http://feeds.feedburner.com/jamesmckay would not have been counted. Okay, download latest version of plugin, install, activate, and after 24 hours, the figure on my Feedburner widget is beginning to look a little bit more respectable again.

End of story? Not quite.

For the past couple of years or so, I’ve subscribed to my own blog in Google Reader. This is mainly a diagnostic thing — it shows how long it’s taking for my blog entries to show up (it frequently takes up to about three or four hours), and that everything is displaying correctly. Now Google Reader caches old blog entries, and for as long as I could remember, the oldest one that has appeared in my list was the entry, “Pastors, get blogging!” back in November 2006. This is what you will see if you have subscribed to http://feeds.feedburner.com/jamesmckay.

Anyway, I decided to unsubscribe from my feed and re-subscribe — only to find that Google Reader had lost track of all my blog entries except the last ten.

It turns out that this is because my Feedburner feeds are now being redirected to http://feeds2.feedburner.com/jamesmckay, which Google Reader treats as a completely separate feed.

A little bit of experimentation confirmed this. My blog’s feed URL can take several different forms — it works with a trailing slash or without, with a “www.” subdomain or without, and so on. By constructing it in different ways when you plug it into Google Reader, you can get different posting histories. The longest one seems to be http://www.jamesmckay.net/feed which goes back to February 2006.

This behaviour is only to be expected, of course. I’m sure that Google could identify when two different URLs point to the same feed, and could treat similar looking ones that give the same content as one and the same. I’m sure too that they could deliver a tighter integration between Feedburner and Google Reader in this particular respect. However, that could be an over-engineered solution capable of introducing all sorts of other problems. It would have been far better if they’d just left the feed at its original location rather than chopping and changing all over the place.

01 Jan

What did James McKay discover?

The answer: that someone reached my blog by typing that very question into Google. It’s been a while since I last went through my Google Analytics search results, but when I did recently, I also discovered that people arrived here by searching for curiosities such as “busker in kilt bath” or “cool stuff that ten year olds like to put on descktop” (sic) or “dentist torture” or “deliverance ministry in horsham uk”. And so, as another year has drawn to a close, here are some more particularly interesting searches from 2008, that I will take a moment or two to comment on:

“corporate dressing, corridors of power”

Does Google know too much about me?! When I came across this one, I had said almost nothing about my new job on my blog. But yes I am expected to wear a tie (except during recess and on non-sitting Fridays) — however, it doesn’t really bother me.

“curiosities of the number 23”

Wikipedia has a pretty comprehensive list. Including, as ever, “in popular culture.”

“how not to look a prat in a cycle helmet”

Simple: don’t wear one. Obviously, if you are concerned about safety, or live in a jurisdiction where the law demands it, this is not an option. You’ll just have to put up with looking a prat.

“how do you pronounce mckay”

It rhymes with “eye,” not with “day.” Even Stargate Atlantis and the folks on the History Channel who interview a well known exobiologist who shares his surname with me get it wrong. Sigh. But talking of Stargate Atlantis, someone asked:

“what programming language do they use on stargate atlantis for the machines”

Hmmm, I don’t know whether Stargate Command use .NET and C#, as whoever searched for “stargate c# dot net” must have been thinking, but apparently, it turns out that the Replicators are programmed in JavaScript. It also seems that one visitor to my blog thinks that there is a “stargate near m6 motorway”.

You really wonder sometimes…

10 Sep

The leaf!

I was delighted to learn last week that I have been accepted as a member of 9rules. If you’ve never heard of it before, it’s an exclusive network of quality blogs run by Paul Scrivens, Mike Rundle and Tyme White. They don’t just accept anyone and everyone — only blogs with consistently good quality, design and content get accepted, so it was heartening to know that someone thinks I’m doing something right. They set the bar fairly high — you need to have been blogging consistently for at least six months, and they look for well thought out, thoroughly researched posts, and a good, consistent, easy to navigate design that is appropriate to what you’re writing about. So if you are one of those types who writes detritus like “omg lol chk out this youtube vid lmao rotfl” or posts those inane quizzes that tell you which Star Wars character you are, forget it.

There are some pretty interesting people in the network, such as Joe Anderson, who writes about a variety of issues related to general technology, Web 2.0 and “the” Wikipedia, and Lorelle van Fossen, whose blog about blogging is very well regarded within the WordPress community. Check out neverhappen.com too — it’s a daily photoblog with some absolutely stunning photography.

Needless to say, this will keep the pressure on me to come up with good quality content. The fact that I’m working in London for one of our Very Important Clients for the next three months puts even more pressure on my time as well — I have to set my alarm for half past five in the morning in order to catch the 07:25 train. However, a 55 minute commute each way does give me an opportunity to jot down some ideas for interesting content, even though the train can be pretty full and elbow room can be at a premium sometimes.

30 Jul

Blogging from the sheep shed — or maybe not

Since I am at our annual Faith Camp this week and spending copious amounts of time in a sheep shed with only a slow Internet connection over my mobile phone, I am spending very little time online this week. Hey, what do you expect? This isn’t RailsConf — there isn’t a MacBook or an Ubuntu T-shirt in sight…

I have found in recent months that spam comments are sneaking past my arsenal of defences at a rate of about three or four a week, so I have set my blog to moderate comments until I get back. So if you leave a comment and it does not appear immediately, please bear with me. Anything legitimate should be dealt with by the start of next week.

03 Jul

Blogging offline

Well just a couple of days after I reinstalled Windows on my laptop, the screen finally decided to die. This means that until I get it replaced, I’m offline in the evenings and at weekends. It’s about time I replaced my laptop anyway though. It’s now nearly four years old, and while it’s still perfectly serviceable, it’s beginning to get a bit geriatric in computer terms now. It weighs a ton and feels like having a fan heater sitting on your lap, it gets that hot.

I think this will give my wrists a bit of a well-earned rest. They’ve been getting a bit sore with my recent experiments with /(Dvor|Colem)ak/. Shai Coleman, the designer of Colemak, responded to a comment that I made on the Colemak forums saying that you do experience some discomfort initially, but it goes if you persist. However, I am still on qwerty at work and that isn’t likely to change now.

I’ll still be blogging when I get a chance, however. I’ll just be relying on pen and paper a lot more for the first draft of each entry. I think this speeds up the process somewhat though. I tend to be something of a perfectionist at times: I find it all too easy to either (a) over-research my blog posts, or (b) spend too long editing, chopping and changing them, and just having a pen and paper puts a bit of a restraining hand on me from both these tendencies, since I have to write it all offline in one pass without recourse to Wikipedia.

04 Jan

Replacing a spleen with something else

One of the fun things about blogging that the MySpace crowd completely misses out on is that people get to your blog through Google, and if you have a bit of techno-savvy, or a Google Analytics account, or both, you can see what people are searching for to get to it. It’s quite amusing to take a look at these from time to time, especially when you get gems such as this one:

“replacing a spleen with something else”

Don’t ask me why, but at the moment I am at the top of this particular Google search, despite the fact that my knowledge and understanding of, and interest in, spleen transplants is zilch. What exactly they were thinking when they typed that into Google, the mind boggles.

Here are a few others:

“windows live writer and myspace”

Windows Live Writer works very well with several popular blogging packages and providers, including Blogger, WordPress, Movable Type, and, of course, Windows Live Spaces. However, MySpace is not one of them. It’s totally unsupported, mainly because MySpace has never released its own API. MySpace is all very well for social networking and showing off your gratuitous absence of web design skills, but as a blogging platform, it is rubbish. Get a real blog.

“james mckay poetry”

I did try writing a little poetry as a teenager. However, the doggerel I came up with was on a par with William Topaz McGonagall or Amanda McKittrick Ros so I threw it out. Nothing to see here. Move along please.

“jim mckay world cup”

It seems I have a namesake who is a well known American sports broadcaster. Apparently, I also have another namesake who is an expert on ferrets, as I discovered when somebody from the Netherlands e-mailed me to ask if that’s me. Sorry, it isn’t.

“ideal microwave height”

Any height is fine as far as I’m concerned, as long as it doesn’t bring it into conflict with the wireless router.

“interactive swearing keyboard”

Why, oh why, oh why, do people search for things such as this? I’d hate to have a keyboard that swore at me. So would all my colleagues. So would everyone else I know. But then again, you get all sorts…

“unathleticism”

That’s my middle name :)

26 Nov

Pastors: get blogging!

Kingdom Faith has a new website design, and the long awaited RSS feeds on the video blogs have finally arrived. There’s some great teaching, and you can have Google Reader or Internet Explorer 7 automatically alert you whenever there’s more for you to watch, listen to or read, without having to go back to the site every so often to check. Nice one.

Even better, I am told the video blogs will have a comment system in the near future.

That’ll be pretty exciting if they do it right. Comments are a crucial element of blogging: your readers can post their own feedback which will then appear below your article. In this way you can interact with them — they can ask you questions or initiate a discussion, and if you do it right, it gives them a feeling that they are actually interacting with real human beings rather than someone who is standing six feet above contradiction. It gives pastors a great way of interacting with, and even maybe widening, their audience beyond the four walls of the church.

There’s a new book coming out in the New Year called The Blogging Church, which looks like it could be a pretty good read. It is written by Brian Bailey, the technology director at Fellowship Church in Dallas, Texas, the fifth largest church in the USA. Bailey is also a friend of blogging guru and former Microsoftie Robert Scoble. Scoble’s book, Naked Conversations, is itself a must-read for anyone who is serious about blogging. It doesn’t blind you with science or technobabble, but focuses much more on the social and business aspects of blogging.

So pastors everywhere — you know what to do: get blogging. If you don’t know how to get started, the WordPress hosted service is as good as any.

30 Jul

Apparently the in word is “blog”…

A new feature of Faith Camp this year is a daily video report from around the showground, which is shown on the screens at some point in the main meeting every evening. Pastor Colin introduced them last night, saying “Apparently, the in word is ‘blog’. So here is our first video blog.”

It’s a great idea, though perhaps a slight misunderstanding of the word “blog” — which actually means an online diary that allows readers to post comments. A bit like my own website, for example. Purists such as Robert Scoble would add the requirement for RSS feeds, trackbacks and pinging blog search engines such as Technorati, though in practice, not all blogs do this. Then again, I guess we could stretch the definition a bit just for Faith Camp. There aren’t likely to be that many people going online on the East of England Showground during the week, after all.

Update: They’ve put the videos online. Lovely. I think that qualifies as a blog now.

05 Jun

Video blogs at Kingdom Faith

It’s great that our church makes good use of all the technological resources at its disposal to spread the Gospel. We couldn’t make it to the service yesterday morning, so we got the live stream over the Internet. It’s wonderful that modern technology makes it possible for you to get church to come to you when you can’t get to church.

The new video blogs look set to be quite promising if they do it right. It’s just a bit of a shame that there are no RSS feeds — I’d love to plug them into my news reader. C’mon guys, once Windows Vista hits the shelves in a few months, RSS is gonna go mainstream big time.

13 Dec

Secure your contact form!

For the past week and a half a hacker seems to have been trying to use my contact form as a relay for sending spam.

I was first alerted to this at the start of last week when I received a couple of e-mail messages through my contact form that contained a garbled subject line and a message body that appeared to consist mainly of SMTP headers. Checking my website access logs indicated that they were specifying no user agent string and coming from a wide variety of IP addresses, which suggests to me that they were doing some kind of IP address spoofing.

I locked off my blog to POST requests from visitors with no user agent, and added a bit of code to save fuller details of these requests to a text file. One such request gave me this posted data:

UIMessage = thy9762@jamesmckay.net
UISubject = thy9762@jamesmckay.net
UIEmail = thy9762@jamesmckay.net
UIName = floated
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: solicitude of my noble friends got the start of
bcc: charleselegbed@aol.com

53d44f59854c6571b004d87de523ce99
.

What is going on here? The variables UIMessage, UISubject, UIEmail and UIName are (or rather, were) the names of the input fields on my contact form. What this hacker seems to have done is to submit a request to my contact form containing the following information in the “UIName” field:

floated
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: solicitude of my noble friends got the start of
bcc: charleselegbed@aol.com

53d44f59854c6571b004d87de523ce99
.

The net effect of this would be to stick some additional headers into the e-mail — including this bcc at the bottom to charleselegbed@aol.com, whoever he is. A Google search for this e-mail address finds a lot of apparently similarly compromised guestbooks, blog comments and the like, so presumably he’s running some kind of bot.

The messages are coming fairly regularly, about two an hour between 5pm and 8am UTC or so, from a wide variety of IP addresses, which seems to indicate that they are being spoofed. It is possible to spoof your IP address but it does mean that you won’t receive a response from the web server. However, the hacker clearly isn’t interested in the response here: he’s more interested in seeing if his probing e-mail gets delivered, which he will be able to determine from the 32-character string at the top of the message subject. If he does, then the next stage would be to submit another request to your website using the relevant knowledge to send out a whole lot of spam.

I checked my e-mail logs to see if he had attempted this. Sure enough, he had, but his attempts had failed, thanks to a rather convenient size restriction that my ISP places on SMTP headers in e-mail messages.

Armed with this knowledge, I quickly added some code to my contact form to reject any submissions that include a newline character where there shouldn’t be one. I am also checking the sender’s e-mail address a lot more carefully as well, and I’ve renamed the contact form, the input fields on it, and the address to which contact e-mail messages are sent. However, I’m still getting regular requests for the original contact form. Since they are using IP address spoofing, they wouldn’t be receiving the 404 status code, but it’s still a bit odd, given that they won’t have received any probing e-mails for several days now.

The vulnerability particularly seems to affect PHP’s mail() function, which relies on the “additional headers” parameter for things such as setting the “From:” address, the priority, and so on. This parameter is supplied in the form of a string, which is blindly appended to the end of the SMTP headers in your e-mail message. This is in contrast to how it is done in ASP.NET, for instance, where additional headers are much more sensibly specified as a dictionary of key-value pairs.

To avoid problems with this, you need to validate your user input carefully. First, check that anything that is supposed to be a single-lined value actually is a single-lined value, i.e. it doesn’t contain carriage returns (‘\r’) or linefeeds (‘\n’). Secondly, check to ensure that anything that is supposed to be an e-mail address actually is an e-mail address. The blogging software that I use, WordPress, has this rather useful function:

function is_email($user_email) {
  // Local part, "@", one or more dot-separated domain labels, then a 2-6 letter TLD.
  // The dots and hyphens must be escaped: an unescaped "." matches any character,
  // which would let arbitrary text (including a space or a ">") through.
  // The "D" modifier stops "$" from matching before a trailing newline.
  $chars = "/^([a-z0-9+_]|\\-|\\.)+@(([a-z0-9_]|\\-)+\\.)+[a-z]{2,6}\$/iD";
  // Cheap pre-checks before running the regular expression.
  if (strstr($user_email, '@') && strstr($user_email, '.')) {
    if (preg_match($chars, $user_email)) {
      return true;
    } else {
      return false;
    }
  } else {
    return false;
  }
}

Finally, if you are constructing your e-mail address in the form “name” <email@address>, make sure that you strip out any characters that might confuse it from the name that the user supplies, such as quotation marks, square or angle brackets, and so on.
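Putting the three checks together, here is an added example of a contact-form handler that applies them before anything reaches mail(). It is not the post’s own code or WordPress’s: the field names (name, email, subject, message), the use of PHP’s FILTER_VALIDATE_EMAIL in place of the regex above, and the display-name sanitizer are my assumptions. The test input replays the posted data quoted earlier in the post, with the entire injected block delivered in the name field, and a constructed legitimate submission for comparison.

```php
<?php
// Added example, not the original post's code. Field names and the helper
// functions are assumptions; the attack payload is the one quoted in the post.
declare(strict_types=1);

// Anything that is supposed to occupy one header line must not contain a
// carriage return, a linefeed or a NUL byte.
function is_single_line(string $value): bool
{
    return preg_match('/[\r\n\x00]/', $value) !== 1;
}

// PHP's built-in validator (PHP >= 5.2) rejects whitespace, control
// characters and angle brackets, so it is a stricter check than a hand-rolled
// regex; the single-line check is kept as belt and braces.
function is_valid_email(string $email): bool
{
    return is_single_line($email)
        && filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Display names are placed inside "..." in the From: header, so remove
// anything that could close the quotes, open an angle-bracket address, or
// act as a control character. Length is capped to keep the header sane.
function sanitize_display_name(string $name): string
{
    $clean = preg_replace('/[\x00-\x1f\x7f"<>\[\]\\\\]/', '', $name);
    return trim(substr($clean, 0, 100));
}

// Returns null when the submission is acceptable, otherwise a list of errors.
function validate_contact_form(array $post): ?array
{
    $errors = [];
    foreach (['name', 'email', 'subject'] as $field) {
        $value = (string) ($post[$field] ?? '');
        if ($value === '') {
            $errors[] = "$field is required";
        } elseif (!is_single_line($value)) {
            $errors[] = "$field must not contain line breaks";
        }
    }
    if (!is_valid_email((string) ($post['email'] ?? ''))) {
        $errors[] = 'email is not a valid address';
    }
    if (trim((string) ($post['message'] ?? '')) === '') {
        $errors[] = 'message is required';
    }
    return $errors === [] ? null : $errors;
}

// The "additional headers" string that mail() would receive. Only ever built
// from values that have passed validate_contact_form().
function build_headers(string $name, string $email): string
{
    $from = sprintf('"%s" <%s>', sanitize_display_name($name), $email);
    return "From: $from\r\nReply-To: $email\r\n";
}

// Replay of the posted data quoted in the post: the whole block of extra
// headers, blank line, probe string and terminating "." arrives in one field.
$injected_name = "floated\r\n"
    . "Content-Type: text/plain; charset=\"us-ascii\"\r\n"
    . "MIME-Version: 1.0\r\n"
    . "Content-Transfer-Encoding: 7bit\r\n"
    . "Subject: solicitude of my noble friends got the start of\r\n"
    . "bcc: charleselegbed@aol.com\r\n\r\n"
    . "53d44f59854c6571b004d87de523ce99\r\n.";

$attack = [
    'name'    => $injected_name,
    'email'   => 'thy9762@jamesmckay.net',
    'subject' => 'thy9762@jamesmckay.net',
    'message' => 'thy9762@jamesmckay.net',
];
// Constructed legitimate submission; the name looks hostile but is one line.
$legit = [
    'name'    => 'Jane "Doe" <jane@example.org>',
    'email'   => 'jane@example.org',
    'subject' => 'Hello',
    'message' => 'Just saying hi.',
];

foreach (['attack' => $attack, 'legit' => $legit] as $label => $post) {
    $errors = validate_contact_form($post);
    if ($errors !== null) {
        echo "$label: rejected (" . implode('; ', $errors) . ")\n";
        continue;
    }
    echo "$label: accepted; headers passed to mail() would be:\n"
        . build_headers($post['name'], $post['email']) . "\n";
    // mail($to, $post['subject'], $post['message'], $headers) would go here.
}
```

The attack submission is rejected on the name field alone (the line-break check fires before any header string is assembled), while the legitimate one is accepted and its display name comes out as Jane Doe jane@example.org with the quotes and angle brackets stripped. The design choice worth noting is that the newline check runs on every single-line field, not just the e-mail address: in the post’s own capture the injection arrived through the name, which a regex aimed only at the address would never have seen.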

My initial tests on ASP.NET’s System.Web.Mail classes indicate that they are somewhat more robust, but this probably won’t stop them having a go regardless. This can be a little bit annoying, so it’s best to stick in some more validation anyway. You can never be too careful, after all!